<%@ page language="java" import="java.util.*,java.sql.*, java.security.*,javax.servlet.*" pageEncoding="UTF-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!-- 
功能介绍：用户登录数据验证

 -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<script type="text/javascript" src="<%=path %>/files/js/jquery.min.js"></script>
<script type="text/javascript" src="<%=path %>/files/js/jquery.md5.js"></script>
<%@ include file="/files/db/conn.jsp"%>
<%
	//获取登录页面的账号、密码
	String username = request.getParameter("username");
	String password = request.getParameter("password");//本来隐掉了
	String role = request.getParameter("role");
	
	String pwdmd5 = request.getParameter("hidden1");
	String salt = request.getParameter("hidden2");
	//System.out.println(pwdmd5);
	//String jieguo;
	ResultSet rs = null;
	try{
		String sql = "select * from t_user where  username='"+username.trim()+"'";
		rs = stmt.executeQuery(sql);
		
 
	      String pwdDB = "";
	
	if (rs.next()) {
	   
		pwdDB = rs.getString("password");
		//System.out.println("pwdDB:"+pwdDB);   //打印pwdDB，看查询是否正确
		
	     MessageDigest m = MessageDigest.getInstance("MD5");
			m.update(password.getBytes("UTF8"));// 这句是进行了编码
			byte s[] = m.digest();// 求哈希是这句
			String result = "";
			for (int i = 0; i < s.length; i++) {
				// 求到结果后，进行了十六进制转换
				result += Integer.toHexString((0x000000FF & s[i]) | 0xFFFFFF00).substring(6);
			}
			// 为了验证是否正确，我把他打印到控制台			
			//System.out.print(result);	
		
		
		 //if (pwdmd5.equals(result)&&rs.getString("role").equals(role)) {	
		if (pwdDB.equals(result)&&rs.getString("role").equals(role)) {
		//if (rs.getString("password").equals(password)&&rs.getString("role").equals(role)) {//账号验证成功
				session.setAttribute("username", username);
				session.setAttribute("realname",rs.getString("realname"));
				session.setAttribute("role",rs.getString("role"));
				session.setAttribute("id", rs.getString("id"));
				session.setAttribute("departmentid",rs.getString("departmentid"));
				response.sendRedirect("../../index.jsp");	
			}else{//账号验证失败跳转登录界面
				response.sendRedirect("../../login.jsp?info=0");
			}
		}else{//账号验证失败跳转登录界面
			response.sendRedirect("../../login.jsp?info=1");
		}
	} catch (Exception e) {
		out.println(e.getMessage());
	} finally {
		if (rs != null) {
			try {
				rs.close();
			} catch (Exception e) {
				e.printStackTrace();
			}
		}
		if (stmt != null) {
			try {
				stmt.close();
			} catch (Exception e) {
				e.printStackTrace();
			}
		}
		if (conn != null) {
			try {
		conn.close();
			} catch (Exception e) {
		e.printStackTrace();
			}
		}
	}
	
	
	
%>
